Multiple vulnerabilities in F5 BIG-IP
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 7 |
| CVE-ID | CVE-2017-6159 CVE-2017-6160 CVE-2017-0303 CVE-2017-6157 CVE-2017-6163 CVE-2017-6161 CVE-2017-6162 |
| CWE-ID | CWE-284 CWE-20 CWE-400 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
BIG-IP LTM Hardware solutions / Security hardware applicances BIG-IP AFM Hardware solutions / Security hardware applicances BIG-IP Analytics Hardware solutions / Security hardware applicances BIG-IP APM Hardware solutions / Security hardware applicances BIG-IP ASM Hardware solutions / Security hardware applicances BIG-IP GTM Hardware solutions / Security hardware applicances BIG-IP PEM Hardware solutions / Security hardware applicances BIG-IP PSM Hardware solutions / Security hardware applicances BIG-IP AAM Hardware solutions / Routers & switches, VoIP, GSM, etc BIG-IP DNS Hardware solutions / Routers & switches, VoIP, GSM, etc BIG-IP Link Controller Hardware solutions / Routers & switches, VoIP, GSM, etc BIG-IP WebAccelerator Hardware solutions / Routers & switches, VoIP, GSM, etc BIG-IP Edge Gateway Hardware solutions / Routers & switches, VoIP, GSM, etc BIG-IP WebSafe Server applications / Server solutions for antivurus protection Other |
| Vendor |
F5 Networks |
Security Bulletin
This security bulletin contains information about 7 vulnerabilities.
1) Denial of service
EUVDB-ID: #VU8981
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-6159
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists in the due to the MPTCP option is enabled on a virtual server. A remote attacker can use the MPTCP option of a TCP profile and cause TMM to restart hence temporarily failing to process traffic.
Successful exploitation of the vulnerability results in denial of service.
Install update from vendor's website.
BIG-IP LTM: 11.6.0 - 12.1.2
BIG-IP AAM: 11.6.0 HF5 - 12.1.2
BIG-IP AFM: 11.6.0 - 12.1.2
BIG-IP Analytics: 11.6.0 - 12.1.2
BIG-IP APM: 11.6.0 - 12.1.2
BIG-IP ASM: 11.6.0 - 12.1.2
BIG-IP GTM: 11.6.0 - 11.6.1
BIG-IP DNS: 12.0.0 HF1 - 12.1.2
BIG-IP Link Controller: 11.6.0 - 12.1.2
BIG-IP PEM: 11.6.0 - 12.1.2
BIG-IP WebSafe: 11.6.0 - 12.1.1
CPE2.3- cpe:2.3:h:f5_networks:big-ip_ltm:11.6.0:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_ltm:11.6.1:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_ltm:12.0.0 HF1:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_aam:11.6.0:HF5:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_aam:11.6.0:HF6:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_aam:11.6.0:HF7:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_afm:11.6.0:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_afm:11.6.1:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_afm:12.0.0:HF1:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_analytics:11.6.0:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_apm:11.6.0:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_asm:11.6.0:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_gtm:11.6.0:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_dns:12.0.0:HF1:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_link_controller:11.6.0:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_pem:11.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5_networks:big-ip_websafe:11.6.0:*:*:*:*:*:*:*
https://support.f5.com/csp/article/K10002335
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Denial of service
EUVDB-ID: #VU8982
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-6160
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists in the virtual servers using a Policy Enforcement profile or a Web Acceleration profile due to insufficient validation of user-supplied input. A remote attacker can send a specially crafted HTTP request to cause Traffic Management Microkernel (TMM) to restart and temporarily fail to process traffic.
Successful exploitation of the vulnerability results in denial of service.
Install update from vendor's website.
BIG-IP AAM: 11.4.0 HF4 - 12.1.1
BIG-IP PEM: 11.5.1 HF6 - 12.1.1
CPE2.3- cpe:2.3:h:f5_networks:big-ip_aam:11.4.0:HF4:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_aam:11.4.0:HF6:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_aam:11.4.0:HF8:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_pem:11.5.1 HF6:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_pem:11.5.4:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_pem:11.6.0:*:*:*:*:*:*:*
https://support.f5.com/csp/article/K19430431
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Resource exhaustion
EUVDB-ID: #VU8983
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-0303
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to an error when removing connections handled by a virtual server with an associated SOCKS profile from the connection table when the connections are finished. A remote attacker can consume all available connection resources and cause the system to be unable to process additional connections.
Successful exploitation of the vulnerability results in denial of service.
Install update from vendor's website.
BIG-IP LTM: 11.5.1 HF6 - 13.0.0
BIG-IP AAM: 11.5.1 HF6 - 13.0.0
:
BIG-IP Analytics: 11.5.1 HF6 - 13.0.0
:
BIG-IP ASM: 11.5.1 HF6 - 13.0.0
BIG-IP GTM: 11.5.1 HF6 - 11.6.1
:
BIG-IP Link Controller: 11.5.4 - 13.0.0
:
BIG-IP WebSafe: 11.6.0 - 13.0.0
CPE2.3- cpe:2.3:h:f5_networks:big-ip_ltm:11.5.1 HF6:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_ltm:11.5.4:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_ltm:11.6.0:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_aam:11.5.1:HF6:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_aam:11.5.1:HF10:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_aam:11.5.1:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_afm:11.5.1:HF6:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_afm:11.5.4:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_afm:11.6.0:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_analytics:11.5.1 HF6:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_apm:11.5.1:HF6:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_asm:11.5.1 HF6:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_gtm:11.5.1 HF6:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_dns:12.0.0:HF1:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_link_controller:11.5.4:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_pem:11.5.1 HF6:*:*:*:*:*:*:*
- cpe:2.3:a:f5_networks:big-ip_websafe:11.6.0:*:*:*:*:*:*:*
https://support.f5.com/csp/article/K30201296
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Security restrictions bypass
EUVDB-ID: #VU8984
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-6157
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists in the virtual servers with a configuration that uses the HTTP Explicit Proxy function and/or a SOCKS profile. A remote attacker can modify BIG-IP system configuration, extract sensitive system files, and/or possible execute arbitrary command on the BIG-IP system.
Successful exploitation of the vulnerability may result in system compromise.
Install update from vendor's website.
BIG-IP WebSafe: 11.6.0 - 12.1.1
BIG-IP PEM: 11.5.1 HF6 - 12.1.1
BIG-IP Link Controller: 11.5.4 - 12.1.1
BIG-IP ASM: 11.5.4 - 12.1.1
BIG-IP APM: 11.5.4 - 12.1.1
BIG-IP AFM: 11.5.1 HF6 - 12.1.1
BIG-IP AAM: 11.5.0 - 12.1.1
BIG-IP LTM: 11.5.1 HF6 - 12.1.1
CPE2.3- cpe:2.3:a:f5_networks:big-ip_websafe:11.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5_networks:big-ip_websafe:11.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:f5_networks:big-ip_websafe:12.0:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_pem:11.5.1 HF6:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_pem:11.5.4:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_pem:11.6.0:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_link_controller:11.5.4:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_link_controller:11.6.0:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_link_controller:11.6.1:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_asm:11.5.4:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_apm:11.5.4:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_afm:11.5.1:HF6:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_aam:11.5.0:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_ltm:11.5.1 HF6:*:*:*:*:*:*:*
https://support.f5.com/csp/article/K02692210
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Denial of service
EUVDB-ID: #VU8985
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-6163
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists when a virtual server uses the standard configuration of HTTP/2 or SPDY profile with Client SSL profile. A remote attacker can send a large number of connections greater than the advertised limit to disrupt Traffic Management Microkernel (TMM) data plane service.
Successful exploitation of the vulnerability results in denial of service.
Install update from vendor's website.
BIG-IP PSM: 11.4.0 - 11.4.1
BIG-IP PEM: 11.5.1 HF6 - 12.1.2
BIG-IP Link Controller: 11.5.1 HF6 - 12.1.2
BIG-IP ASM: 11.5.1 HF6 - 12.1.2
BIG-IP APM: 11.5.1 HF6 - 12.1.2
BIG-IP AFM: 11.4.0 - 12.1.2
BIG-IP AAM: 11.4.0 HF4 - 12.1.2
BIG-IP LTM: 11.4.0 - 12.1.2
CPE2.3- cpe:2.3:h:f5_networks:big-ip_psm:11.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_psm:11.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_pem:11.5.1 HF6:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_pem:11.5.4:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_pem:11.6.0:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_link_controller:11.5.1 HF6:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_link_controller:11.5.4:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_link_controller:11.6.0:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_asm:11.5.1 HF6:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_asm:11.5.4:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_apm:11.5.1:HF6:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_afm:11.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_aam:11.4.0:HF4:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_ltm:11.4.0:*:*:*:*:*:*:*
https://support.f5.com/csp/article/K22541983
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Resource exhaustion
EUVDB-ID: #VU8986
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-6161
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to a flaw in configuration synchronization (ConfigSync). A remote attacker can bypass the TLS protections on connections to the master control program daemon (MCPD), consume excessive resources and cause the application to crash.
Successful exploitation of the vulnerability results in denial of service.
Install update from vendor's website.
BIG-IP WebAccelerator: 11.2.1
BIG-IP PSM: 11.4.0 - 11.4.1
BIG-IP PEM: 11.4.0 - 12.1.2
BIG-IP Link Controller: 11.2.1 - 12.1.2
BIG-IP GTM: 11.2.1 - 11.6.1
BIG-IP Edge Gateway: 11.2.1
BIG-IP DNS: 12.0.0 HF1 - 12.1.2
BIG-IP ASM: 11.2.1 - 12.1.2
BIG-IP APM: 11.2.1 - 12.1.2
BIG-IP Analytics: 11.2.1 - 12.1.2
BIG-IP AFM: 11.4.0 - 12.1.2
BIG-IP AAM: 11.4.0 HF4 - 12.1.2
BIG-IP LTM: 11.2.1 - 12.1.2
CPE2.3- cpe:2.3:h:f5_networks:big-ip_webaccelerator:11.2.1:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_psm:11.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_psm:11.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_pem:11.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_pem:11.5.1 HF6:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_pem:11.5.4:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_link_controller:11.2.1:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_link_controller:11.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_link_controller:11.5.1 HF6:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_gtm:11.2.1:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_edge_gateway:11.2.1:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_dns:12.0.0:HF1:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_asm:11.2.1:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_apm:11.2.1:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_analytics:11.2.1:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_afm:11.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_aam:11.4.0:HF4:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_ltm:11.2.1:*:*:*:*:*:*:*
https://support.f5.com/csp/article/K62279530
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Improper input validation
EUVDB-ID: #VU8987
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-6162
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists in virtual servers configured with a TCP profile due to improper input validation. A remote attacker can send specially crafted TCP traffic to cause the target Traffic Management Microkernel (TMM) to restart.
Successful exploitation of the vulnerability results in denial of service.
Install update from vendor's website.
BIG-IP PSM: 11.4.1
BIG-IP WebAccelerator: 11.2.1
BIG-IP WebSafe: 11.6.0 - 12.1.2
BIG-IP Edge Gateway: 11.2.1
BIG-IP DNS: 12.0.0 HF1 - 12.1.2
BIG-IP PEM: 11.4.0 - 12.1.2
BIG-IP Link Controller: 11.2.1 - 12.1.2
BIG-IP GTM: 11.2.1 - 11.6.1
BIG-IP ASM: 11.2.1 - 12.1.2
BIG-IP APM: 11.2.1 - 12.1.2
BIG-IP Analytics: 11.2.1 - 12.1.2
BIG-IP AFM: 11.4.0 - 12.1.2
BIG-IP AAM: 11.4.0 HF4 - 12.1.2
BIG-IP LTM: 11.2.1 - 12.1.2
CPE2.3- cpe:2.3:h:f5_networks:big-ip_psm:11.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_webaccelerator:11.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:f5_networks:big-ip_websafe:11.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:f5_networks:big-ip_websafe:11.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:f5_networks:big-ip_websafe:12.0:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_edge_gateway:11.2.1:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_dns:12.0.0:HF1:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_dns:12.0.0:HF3:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_dns:12.0.0:HF4:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_pem:11.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_link_controller:11.2.1:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_gtm:11.2.1:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_asm:11.2.1:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_apm:11.2.1:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_analytics:11.2.1:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_afm:11.4.0:*:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_aam:11.4.0:HF4:*:*:*:*:*:*
- cpe:2.3:h:f5_networks:big-ip_ltm:11.2.1:*:*:*:*:*:*:*
https://support.f5.com/csp/article/K13421245
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
